Lucene search

[email protected]CVE-2019-5322

HistoryFeb 13, 2020 - 12:15 a.m.

CVE-2019-5322

2020-02-1300:15:11

[email protected]

web.nvd.nist.gov

cve-2019-5322

aruba

edge switch

information disclosure

vulnerability

firmware

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

A remotely exploitable information disclosure vulnerability is present in Aruba Intelligent Edge Switch models 5400, 3810, 2920, 2930, 2530 with GigT port, 2530 10/100 port, or 2540. The vulnerability impacts firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007 and 16.10.* before 16.10.0003. The vulnerability allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.

Affected configurations

NVD

Node

arubanetworks5400r_firmwareRange16.08.0–16.08.0009

arubanetworks5400r_firmwareRange16.09.0–16.09.0007

arubanetworks5400r_firmwareRange16.10.0–16.10.0003

AND

arubanetworks5400rMatch-

Node

arubanetworks3810_firmwareRange16.08.0–16.08.0009

arubanetworks3810_firmwareRange16.09.0–16.09.0007

arubanetworks3810_firmwareRange16.10.0–16.10.0003

AND

arubanetworks3810Match-

Node

arubanetworks2920_firmwareRange16.08.0–16.08.0009

arubanetworks2920_firmwareRange16.09.0–16.09.0007

arubanetworks2920_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2920Match-

Node

arubanetworks2930_firmwareRange16.08.0–16.08.0009

arubanetworks2930_firmwareRange16.09.0–16.09.0007

arubanetworks2930_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2930Match-

Node

arubanetworks2530_with_gigt_port_firmwareRange16.08.0–16.08.0009

arubanetworks2530_with_gigt_port_firmwareRange16.09.0–16.09.0007

arubanetworks2530_with_gigt_port_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2530_with_gigt_portMatch-

Node

arubanetworks2530_10\/100_port_firmwareRange16.08.0–16.08.0009

arubanetworks2530_10\/100_port_firmwareRange16.09.0–16.09.0007

arubanetworks2530_10\/100_port_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2530_10\/100_portMatch-

Node

arubanetworks2540_firmwareRange16.08.0–16.08.0009

arubanetworks2540_firmwareRange16.09.0–16.09.0007

arubanetworks2540_firmwareRange16.10.0–16.10.0003

AND

arubanetworks2540Match-

CPENameOperatorVersion
arubanetworks:5400r_firmwarearubanetworks 5400r firmwarelt16.08.0009
arubanetworks:5400r_firmwarearubanetworks 5400r firmwarelt16.09.0007
arubanetworks:5400r_firmwarearubanetworks 5400r firmwarelt16.10.0003

CPE	Name	Operator	Version
arubanetworks:5400r_firmware	arubanetworks 5400r firmware	lt	16.08.0009
arubanetworks:5400r_firmware	arubanetworks 5400r firmware	lt	16.09.0007
arubanetworks:5400r_firmware	arubanetworks 5400r firmware	lt	16.10.0003

CNA Affected

[
  {
    "product": "Aruba Intelligent Edge Switch 5400 3810 2920 2930 2530 with GigT port 2530 10/100 port or 2540",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "16.08.* before 16.08.0009 16.09.* before 16.09.0007 16.10.* before 16.10.0003"
      }
    ]
  }
]

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-001.txt

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2019-5322

prion1 nessus1 cvelist1 nvd1